|
Possible New Toolbar Problem Targeting Traffic Scripts
Just doing some routine checks on incoming referrers on one of my sites today, I came across this site: http://safeadultweb.com/main.shtml
They are ditributing a toolbar that will bypass traffic scripts on TGP/MGP type sites, and probably others. This in itself is bad enough for TGP owners, as it will completely screw up productivity numbers if enough of your surfers are using it. They currently have a list of over 800 sites that it works with, and there are some pretty big names on that list. Upon further investigation, this Thread was brought to light on a spyware forum. The registrant of the domain mentioned there is also the current registrant of the domain safeadultweb.com Registrant: Exeneden Group Ltd. 14 Niche Willy Arena Str. Gzira, MT GZR-06 MT +356.347689 Domain Name: SAFEADULTWEB.COM Administrative Contact: Koval, Andrew [email protected] 14 Niche Willy Arena Str. Gzira, MT GZR-06 MT +356.347689 Technical Contact: Koval, Andrew [email protected] 14 Niche Willy Arena Str. Gzira, MT GZR-06 MT +356.347689 Record expires on 02-05-2008 Record created on 02-05-2007 Domain servers in listed order: NS1.HOSTING.FLYINGCROC.NET 207.246.129.73 NS2.HOSTING.FLYINGCROC.NET 207.246.129.74 I don't know if it's faked or not, but you'll also notice the email address given there for Admin contact is [email protected] This toolbar does not identify itself in the user-agent field, it is being distributed 100% free, and there is no advertising or upsells on either the safeadultweb.com pages, or the sawtoolbar.com pages. The toolbar also works off a database provided from their server that needs to be updated and maintained. I find it hard to believe anyone would go through all that trouble just to help out Joe Surfer. It smells of someone trying to get a ton of installs and then turning it into something bad for a windfall of cash. I just wanted to make people aware, and see if maybe someone can come up with a way through Java or PHP to detect it in the user's browser and redirect them. See sig... |
Damn, Auntpolly has been around for years as well.
|
Let's also note that the nameservers appear to belong to the sextracker crew.
|
wow, so it cuts off trading traffic too
Quote:
|
wow. this looks like a big problem brewwing.
|
it just doesn´t look very good......
|
Quote:
|
Quote:
And of course there's always the threat that it could start changing URL's, mangle or replace affiliate codes, launch popups, or start installing some other kind of malware in the future. |
Interesting thread. Anyone know anything more about this?
|
Hmm interesting. I guess you could write a little code and send everyone with that toolbar somewhere nice.
|
Thanks for letting us know. I can't wait to see how this plays out.
|
Quote:
|
Here's a couple more links. The auntpolly email address is apparently real:
http://www.yellowprickroad.com/Webmasters.html And this one is supposed to convince us that them playing with our traffic is good for us, and we should actually help them: http://www.yellowprickroad.com/Webmasters.html |
I didn't have to go far to figure it out.... the same people run "mom-and-boy".
Go figure. This will turn into major malware. I suspect that they aren't "fixing" the links to assure 100% click thru, but rather than redirecting people to similar content galleries. In other words, they are making 100% skim on your TGPs. |
Bump to put it back on top...
They are targeting some very big sites like Shemp, Sleazy, Thumbzilla, Ampland, Elephant List and others. |
I've also found that the registrant listed above is the current registrant of EXENEDEN.COM who has also been listed on several more sites for running the "CoolWebSearch" exploits and others.
More info can be found at these URL's: http://www.google.com/search?q=Exeneden+Group http://forums.maddoktor2.com/index.php?showtopic=6308 http://spyware-free.us/files/cws.txt Browse through the google results and run a few searches yourself and you'll find quite a few lists of banned and blocked domains including that domain and others they own. |
Wow, quite the development. Hm.
|
Quote:
http://www.xbiz.com/news_piece.php?id=17819 http://www.adwaresucks.com/zango/zangohtaccess.txt I'm not sure where you would want to send them but I think this would solve your problem. |
I've always thought skimming was a bullshit way to generate traffic anyway. It's had a good run. Time to move on.
|
where can I download this? I am fucking tired of clicking a thumb 100000 times and not going to a gallery :mad:
This should be a wake up call. If the person creating this malware thinks there are enough people pissed off about the skimming that should tell you something. :2 cents: |
damn :( :(
|
Quote:
|
Quote:
([ yoursite.com/yourtgpcode/ugotredirectedhere/urtrafficjustgotstolen |
Quote:
No doubt many surfers feel this way so you have to really balance traffic trading with galleries so you don't piss off your surfers. There are more and more TGP's every day and since we are all fighting over the same surfer, its more and more important to make a site they will come back to. IMHO anyway. I certainly think we as an industry should keep an eye on malware threats like this. Matt |
Quote:
|
Currently it is used by .0000001% of the surfing public?
|
Quote:
I'm not saying I support this toolbar, but the days of the skim are hopefully coming to an end. Traffic can be traded in other ways, yielding much better results. As far as this toolbar, this does look like a setup to eventually move the surfers around to where they want. In the meantime, an Htaccess fix should work. |
Quote:
|
Quote:
It also shows that some people will go to very extreme lengths to steal traffic from others, and puts the onus on the programs to once again not deal with thieves and not buy the traffic. It won't be long before the toolbar people will be replacing every link on every page to their own stuff, totally fucking the surfer over. The programs need to wise up to this stuff, you could end up paying theives for traffic until there is nobody left to steal from... then they will really fuck you over by controlling too much of the traffic and raising the price until your business is unprofitable. |
Quote:
|
Quote:
shit like this can only be bad for the net and for our biz......anyway to fight it? |
someone needs to code a small javascript or something to disable the script, something along the lines of the "fuck off you're running zango" script that was getting passed around. if lot of tgp webmasters jump on board, or if they implement it into the trade script somehow it might be a good idea to look into something like this....
|
oh if SexTracker is involved you can bet this is going to end up fucking over TGP owners and their submitters and spot buyers and surfers in the end too.
bad news. this industry needs a spyware/toolbar/malware watchdog group who keep up to date on what's out there and who's behind it. |
When these guys are able to bypass the tradescript url they are also able to overwrite the affilate codes on hosted galelries !
This is BAD BAD news ! |
just run your tradescript through a php page and you'll be fine
foo.com/blah.php?link=1234 |
Quote:
Also, with a tgp script sending a redirect, that includes the gallery url, to the traffic script, the toolbar can always intercept the redirect, parse the address, and remove anything it doesn't want. |
I have an idea for a possible solution. I think it would stop this toolbar and anything similar in the future.
The flaw in the system (any tgp system) is the forwarding redirect from the TGP script, to the traffic script. If that redirect were eliminated, there's nothing for a program like this to catch and modify, assuming that the gallery url is not passed along during clicks. If a traffic script had a version of their out script that could be included into another php script (the tgp out script) that final redirect could be eliminated. I think it would just take a little extra work on the part of the TGP script guys, and the traffic script guys. On the trafic script side, you have the out script encapsulated in a function. Pass the variables to the function, instead of through a url. Something like this. Code:
trafficout($skim, $url, $linktag);Code:
if !$trafficinclude {Run normal routine and redirect externally} else {include $trafficinclude; trafficout($skim, $url, $linktag);}But now, the surfer would click, the tgp script would do it's thing, the traffic script would do it's thing, and then a simple single URL is spit out as a redirect. Anything (like this toolbar) sitting in the middle would not know anything about the gallery until that final redirect is sent, and then it wouldn't know if the URL being put out is the gallery, or a trade, because it has nothing to match it to, and it never saw any variables passed to the traffic script through the url. I don't think this would really cause more than a few minutes work for programmers on either side, and although I'm not sure, I'm guessing the scripts written in C could also have a small php wrapper written that would allow them to be included into a php script. |
Quote:
|
:Oh crap
|
I think you should start more posts about it... that way more surfers will find out and start using it... it's not like there are any surfers on gfy of course... :P
|
Quote:
|
Quote:
So.. as soon as your script spits out the URL, the toolbar scans the URL and looks for words in the url like "track", "visit", "go", "signup", "click" and etc etc... Soon as I see it, I replace your aff code with mine and send the surfer over. It's a lion in sheeps clothing... keep an eye on it. |
Quote:
|
i posted this "idea" here some 4 years ago. It was matter of time someone would do such thing
|
| All times are GMT -7. The time now is 05:14 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123